“We think that pretty soon, in a small number of years, everyone will have identity accounts, just like everyone has email and bank accounts,” said Janet Hughes. “Bank accounts and credit card accounts to make payments, email accounts to send messages, identity accounts for a repository of trust and to access a whole range of services online.”
“When you have proven your identity once, you can use that account to access a whole range of services. Not just for central government, but for local government, the health sector and even the private sector.”
GOV.UK Verify is designed to provide a single trusted login across all Government Digital Services, which could include filing a tax return or applying for Universal Credit. The decentralised system relies on eight companies to deliver the data-driven scheme, which requires users to sign up once to be trusted across all services in as little as 15 minutes. Rather than a centrally held database, users will pick one of eight service providers, such as Experian. Read more: UK government identity scheme launched – What is GOV.UK Verify? GOV.UK Verify explained
According to Hughes, there are 80,000 different ways to go through the process of proving your identity – and the scheme accommodates people who may not have a driving licence, or even a mobile phone.
She said that the scheme should make identity more resilient – because if one company has a problem, the other seven can pick up the slack – and that the market-driven approach will spur innovation and drive efficiencies.
And she also claimed that by having just the one platform cut across all digital services, Verify could cut billions in costs for identity assurance.
To allay security concerns, Hughes stated that it’s rarely the technology that is difficult for any implementation, but rather about relationships. Much more important than the technology, she said, is establishing what the rules and what the standards are.
“It’s really easy to understand the power of data,” Hughes said. “[But] we need to establish the rules of the road, we need users to trust our services, we don’t want people to freak out when we start talking to them about accessing their data and using it.”
Failing to do so would alienate the public, and it “will be another generation before data-driven services can happen again.”
“We need to protect people's privacy when we're doing this – even if people don't understand what's happening with their data we need to take responsibility for managing it in a responsible way that protects our privacy and keeps it secure,” she said.
That’s the reasoning behind a monthly advisory session that GDS has with a collection of privacy experts, who see what the Verify team is up to – like a “fully open book”. The advisory group consists of groups like NO2ID, Big Brother Watch, the ICO, and various universities, who helped devise GDS’ standards for using public data.
And these “will apply just as much to any other situation where we're dealing with people's data,” Hughes said. “It's all about putting people in control of what’s happened to their data, to make choices, making it transparent for people, enabling them to opt out, to make sure people can feel confident and trust what we're doing.”
“It’s something that takes up a huge amount of my time – making sure we do that.”